1. Statement of the Technical Field
The invention concerns wireless communications equipment. More particularly, the invention concerns a method for providing high assurance integrity of software installed in a software defined radio.
2. Description of the Related Art
A software defined radio (SDR) is a programmable and reconfigurable system that provides a flexible and scalable architecture. Such a radio system typically supports many different communication waveforms, thus facilitating improved communications among users, such as government agencies and government services.
A typical software architecture for an SDR comprises an operating environment and installed software applications, such as a waveform application and a communications application. The operating environment can include a real time operating system, a middleware component, and a framework to manage applications. An example of such an architecture is the Joint Tactical Radio Systems (JTRS) Software Communications Architecture (SCA).
Similar to traditional computer systems, the SDR's operating environments need to be booted upon user activation of the system. The SCA infrastructure, operating environments and waveform services are typically booted in a specified sequence upon user activation of the system. However, it should be understood that the operating environment programs are susceptible to alteration by physical access to an SDR system or via an attack by a software program in an attempt to subvert the SDR system. For these reasons, software programs may be stored in one or more file systems in encrypted form to protect them from being easily accessed and corrupted. However, in this instance, the programs must first be decrypted before they can be deployed and executed from computer memory. When encryption is not used as a means of protection, the boot sequence often includes one or more steps for ascertaining whether or not an SDR system has been the victim of such a malicious act.
A typical boot sequence for an SDR includes five boot layers. For example, the device drivers are loaded first. After the device drivers are loaded, one or more operating environments are loaded. For example, a core operating environment can be loaded for a core processor. The core processor is the processor which is responsible for system resource allocation and centralized system control functions, such as initiating waveform instantiation, centralized file management, and so on. The core processor can be implemented as a single BLACK core processor, a single RED core processor, or a combination of a BLACK and RED core processor. If the core processor is a combination of a BLACK and RED core processor, then the operating environments are loaded in a particular sequence (for example, the BLACK core operating environment is loaded, followed by the RED core operating environment, the BLACK channel operating environment and the RED channel operating environment).
The terms BLACK and RED are conventionally used to refer to areas or compartments within a piece of equipment. Where such terminology is used, it is generally true that only information that is non-sensitive (from a security standpoint) is located within a BLACK compartment. In contrast, a RED compartment may contain both sensitive and non-sensitive information. However, in an SDR system there is usually classified waveform code that must reside in the BLACK compartment since it is implemented by the modem. In the present application, the terms “BLACK” and “RED” are generally used to differentiate among general purpose processors (GPPs) in a channel or core of an SDR.
The integrity-check step of the boot sequence includes running at least one software routine to ascertain whether or not the operating environment programs (i.e., the operating systems, the common object request brokers, and the core frameworks) have been maliciously altered. A software routine typically used for this purpose involves computationally intensive processing (for example, secure hash algorithm processing such as that described in FIPS PUB 180-2, digital signature algorithm processing, or digital signature verification processing such as that described in FIPS PUB 186-2(1)). Once the full operating environment is loaded, the platform devices and services (i.e., common object request broker architecture (CORBA) components) are loaded. Subsequently, any other software applications, such as radio waveforms, are launched.
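The following is an added illustration of the integrity-check step described above; it is not code from the patent. It models each boot layer as a program image that is hashed with SHA-256 (the FIPS 180-2 family the text cites) and compared with a reference digest before that layer is loaded, so the boot aborts at the first altered layer and later layers never run. The layer names, image contents and boot order are constructed sample data, and the reference-digest table stands in for a signed manifest; the FIPS 186-2 signature verification of that manifest is assumed to happen separately and is not shown.

```python
"""Boot-time integrity check for SDR operating-environment images (illustration).

Assumptions (not from the patent): each boot layer is a byte string image,
a reference SHA-256 digest exists for every layer, and layers are verified
and loaded in a fixed order. Everything below is constructed sample data.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample program images, standing in for the real files of each
# boot layer (device drivers, BLACK core OE, RED core OE, ...).
PROGRAM_IMAGES: Dict[str, bytes] = {
    "device_drivers": b"sample-driver-image-v1",
    "black_core_oe": b"sample-black-core-oe-image-v1",
    "red_core_oe": b"sample-red-core-oe-image-v1",
}

# Boot order: drivers first, then BLACK core OE, then RED core OE.
BOOT_ORDER: List[str] = ["device_drivers", "black_core_oe", "red_core_oe"]


def sha256_digest(image: bytes) -> str:
    """FIPS 180-2 style secure hash of a program image, as a hex string."""
    return hashlib.sha256(image).hexdigest()


# Reference digests as they would be recorded when the radio was provisioned.
# In a real system this table would itself be signed (FIPS 186-2) and the
# signature checked before the table is trusted; here it is simply computed
# from the known-good sample images.
REFERENCE_DIGESTS: Dict[str, str] = {
    name: sha256_digest(img) for name, img in PROGRAM_IMAGES.items()
}


@dataclass
class BootResult:
    loaded: List[str] = field(default_factory=list)  # layers verified and loaded
    failed: Optional[str] = None                      # first layer that failed


def verify_image(name: str, image: bytes, reference: Dict[str, str]) -> bool:
    """Return True if the image's digest matches its reference digest.

    compare_digest avoids leaking the position of the first mismatching byte
    through comparison timing.
    """
    expected = reference.get(name)
    if expected is None:
        return False  # an unknown layer is never trusted
    return hmac.compare_digest(sha256_digest(image), expected)


def boot(images: Dict[str, bytes], reference: Dict[str, str],
         order: List[str]) -> BootResult:
    """Verify and load each layer in order; stop at the first altered one."""
    result = BootResult()
    for name in order:
        if not verify_image(name, images.get(name, b""), reference):
            result.failed = name
            return result
        result.loaded.append(name)  # the layer would be loaded here
    return result


def tampered_images() -> Dict[str, bytes]:
    """Constructed example of an altered BLACK core OE image (one byte changed)."""
    images = dict(PROGRAM_IMAGES)
    original = bytearray(images["black_core_oe"])
    original[-1] ^= 0x01
    images["black_core_oe"] = bytes(original)
    return images


if __name__ == "__main__":
    print(boot(PROGRAM_IMAGES, REFERENCE_DIGESTS, BOOT_ORDER))
    print(boot(tampered_images(), REFERENCE_DIGESTS, BOOT_ORDER))
```

The hashing cost grows with the total image size, which is the "computationally intensive" part the text refers to and the reason a radio that must be ready almost instantly cannot simply re-hash every layer on every power-up.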
A person can appreciate the need in a military context to be able to use a radio device almost instantaneously. For example, in a time-critical situation, such as when a group of armed forces comes under attack, the ability to relay information among other members of the armed forces as quickly as possible is absolutely necessary. Since radios are often powered down to conserve battery power, a boot process is needed which takes a shorter amount of time to power up the SDR in such scenarios while still guaranteeing software integrity.